Exploitation Summary
EIP tracks 2 public exploits for CVE-2010-4693. PoCs published by waraxe.
AI-analyzed exploit summary This exploit demonstrates a stored XSS vulnerability in Coppermine Photo Gallery 1.5.10 by injecting a malicious payload into the 'picfile_222' parameter, which is then rendered in the browser context of the affected site.
Description
Multiple cross-site scripting (XSS) vulnerabilities in Coppermine Photo Gallery 1.5.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) h and (2) t parameters to help.php, or (3) picfile_XXX parameter to searchnew.php.
Exploits (2)
This exploit demonstrates a stored XSS vulnerability in Coppermine Photo Gallery 1.5.10 by injecting a malicious payload into the 'picfile_222' parameter, which is then rendered in the browser context of the affected site.
This exploit demonstrates a cross-site scripting (XSS) vulnerability in Coppermine Photo Gallery 1.5.10 by injecting malicious script tags via the 'h' and 't' parameters in the help.php file. The payload executes arbitrary JavaScript in the context of the affected site.